StackOverflow2013

Note that there are some explanatory texts on larger screens.

plurals

POHelp with iOS authentication using user token, rest/rails, and keychain
primarykey
Id
4479802
data
AcceptedAnswerId
4480936
AnswerCount
2
ClosedDate
CommentCount
2
CommunityOwnedDate
CreationDate
2010-12-18T19:42:55.580
FavoriteCount
21
LastActivityDate
2012-02-16T10:21:56.303
LastEditDate
2010-12-18T20:27:39.010
LastEditorUserId
499445
OwnerUserId
499445
ParentId
0
PostTypeId
1
Score
17
ViewCount
7934
LastEditorDisplayName
text
Body
I have a Rails application (irrelevant, I know) and I want to authenticate an iOS app against the Rails app, and persist the authentication so future requests to the Rails API work without re-authenticating each request. Conceptually, here's what I want to do... I'm not sure if this is the best approach, though. Alright, so in my Rails app each user has a unique token (SHA1 hash). I was thinking the first time the iPhone app is loaded, the user would see a username/password screen. They'd enter their credentials for the Rails app, and upon successful authentication, the Rails app would return their unique user token that could then be stored in the keychain? And from there on out, I was thinking I could simply append the user token to all API requests and that's how I could verify the user within the Rails app. This would also keep the username/password independent of the iPhone app (so the user could change their username/password in the Rails app, but the iPhone app wouldn't care about that since it would be using their token, which would not change). I thought my URL requests might look something like this: <pre><code>http://example.com/api/v1/[whatever].json?token=XXXXXXXXXXXXXXX </code></pre> Does that sound like a reasonable approach to take? Or are their concerns I'm not aware of with this approach? I've been doing Rails work for a long time, but I'm relatively new to iOS (only have 1 app under my belt, and it didn't require any authentication). If this is a good approach to take, is it hard to work with the keychain? I think I read that the simulator and the device itself don't support the same API's for keychain access? (or maybe the simulator doesn't support mock keychain access) Thanks in advance. I tried searching through older posts, but none seem to answer my specific situation.
Tags
<iphone><ruby-on-rails><objective-c><ios>
Title
Help with iOS authentication using user token, rest/rails, and keychain
singulars
PostAcceptedAnswerId
1. PO
 singulars
 PostTypePostTypeId
 PTAnswer
PostParentId
1. This table or related slice is empty.
PostTypePostTypeId
1. PTQuestion
UserLastEditorUserId
1. USrpheath
UserOwnerUserId
1. USrpheath
plurals
PostLinksPostIdRelatedPostId
1. This table or related slice is empty.
PostLinksRelatedPostIdPostId
1. This table or related slice is empty.
PostsAcceptedAnswerId
1. This table or related slice is empty.
PostsParentIdCreationDate
1. PO
 singulars
 PostTypePostTypeId
 PTAnswer
2. PO
 singulars
 PostTypePostTypeId
 PTAnswer
VotesPostIdCreationDate
CommentsPostId
1. COHey mate, just wondering if you ended up with a solution to this, I'm in the same situation now and kinda stuck.
 singulars
 PostPostId
 POHelp with iOS authentication using user token, rest/rails, and keychain
 UserUserId
 USChris G
2. COI'm assuming you just typed http for the example but for other people reading the question/answers, if you're going to include the authentication string in your API requests, you need to be using https or anyone could just watch the requests and then steal your authentication token. The best way to implement this would probably be to use some sort of challenge-response method that generates a new authentication token every time you launch the app. Then the attacker would only have a token valid for X amount of minutes/hours, instead of the challenge (aka private key) that can create tokens.
 singulars
 PostPostId
 POHelp with iOS authentication using user token, rest/rails, and keychain
 UserUserId
 USJack Lawrence

Querying!

Guidance

A row detail

Detail views are divided into sections. All the information in the data section comes from columns in the selected row. The other sections display data from other, related rows.

Related data can be related in a to-one or a to-many fashion. Captions of data related in a to-many fashion link to a list view showing a filtered view of the table.

Try moving around until you find a non-empty to-many entry and click on the label to get to one. You can move back to the root by clicking on the database name in the header.